
zScaler VPN connections report regular "internal error" when SEP for Mac firewall is enabled


Article ID: 187967




Endpoint Protection


zScaler VPN connections report regular "internal error" when SEP for Mac firewall is enabled—even when firewall is set to allow all network traffic. 

zScaler typically displays "Internal Error" every few minutes with a "Retry" button.


Under investigation.


Component : SEP for Mac

Release : all versions up to 14.3


If you are troubleshooting SEP for Mac firewall rules, an "Allow All" rule at the top of the settings might not work at first. Instead, try an "Allow All" rule that explicitly allows a range of remote IP addresses, IPv4 thru and IPv6 0000:0000:0000:0000:0000:0000:0000:0000 thru FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF.

If this works, then consult your VPN documentation for the exact ports and network ranges used, and refine your "Allow VPN" rule.

Examine the output of the "ifconfig" command on a Mac client, and look for "utun" interfaces, which are used by VPN software. For example:

utun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
 inet --> netmask 0xffff0000

Allowing remote IP range– for the example above would allow the remote IPs used by VPN on this interface.

Consult your zScaler configuration and support pages for specific ports used by the software and add those ports to the rule to make it more selective.
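
The utun lookup described above can be scripted; the following sh script is an added example, not Broadcom or zScaler code. It assumes the remote range for the rule is the interface's inet address masked with its netmask, and the sample ifconfig output and its addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: read macOS `ifconfig` output and print the IPv4 range
# implied by each utun interface's "inet ... netmask 0x..." line.

# Constructed sample; the addresses are illustrative, not from the article.
SAMPLE='en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	inet 192.168.1.5 netmask 0xffffff00 broadcast 192.168.1.255
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
	inet6 fe80::1%utun0 prefixlen 64 scopeid 0xf
utun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
	inet 10.20.30.1 --> 10.20.30.2 netmask 0xffff0000'

ip_to_int() {   # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {   # 32-bit integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Reads ifconfig output on stdin; prints "<iface> <first>-<last>" per utun IPv4 line.
utun_ranges() {
    iface=""
    while IFS= read -r line; do
        case "$line" in
            [a-z]*:\ flags=*) iface=${line%%:*}; continue ;;  # unindented header line
        esac
        case "$iface" in utun*) ;; *) continue ;; esac          # VPN tunnel interfaces only
        set -- $line                                            # split the indented line into words
        [ "$1" = inet ] || continue                             # skip inet6, nd6, status, ...
        addr=$2; mask=""
        while [ $# -gt 1 ]; do                                  # netmask position differs with "-->"
            if [ "$1" = netmask ]; then mask=$2; fi
            shift
        done
        [ -n "$mask" ] || continue
        net=$(( $(ip_to_int "$addr") & $mask ))                 # first address of the range
        last=$(( net | (~$mask & 0xffffffff) ))                 # last address of the range
        echo "$iface $(int_to_ip "$net")-$(int_to_ip "$last")"
    done
}

# Demo on the constructed sample. On a Mac client, replace this line with:
#   ifconfig | utun_ranges
printf '%s\n' "$SAMPLE" | utun_ranges
```

Run it with sh rather than pasting the functions into zsh, which does not word-split unquoted variables by default.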